Re: heads up: tcpwrappers support going away

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

 


On Thu, 24 Apr 2014, Damien Miller wrote:

> On Wed, 23 Apr 2014, Damien Miller wrote:
> 
> > A simple way out of this would be adding "Match exec" support to sshd_config
> > like ssh_config got in the last couple of releases. Anyone want to do this?
> 
> like this:
> 
> Index: servconf.c
...

and applied using:

Match exec "/path/to/wrapssh '%h' '%a' '%l' '%A'"
	MaxAuthTries 0

with a helper as simple as: (btw, I'd accept a fleshed-out version of this
for contrib/ if anyone wants to do the work)

#include <syslog.h>
#include <tcpd.h>

int
main(int argc, char **argv)
{
	struct request_info req;

	openlog("sshd-tcpwrap", LOG_NDELAY|LOG_PERROR|LOG_PID, LOG_AUTH);
	
	/* Client host, client address, server host, server address */
	if (argc != 5) {
		syslog(LOG_ERR, "expected 4 arguments, got %d", argc - 1);
		return 2;
	}
	request_init(&req,
	    RQ_DAEMON, "sshd",
	    RQ_CLIENT_NAME, argv[1],
	    RQ_CLIENT_ADDR, argv[2],
	    RQ_SERVER_NAME, argv[3],
	    RQ_SERVER_ADDR, argv[4],
	    0);
	if (!hosts_access(&req)) {
		syslog(LOG_ERR, "tcpwrappers refused connection");
		return 1;
	}
	return 0;
}
_______________________________________________
openssh-unix-dev mailing list
openssh-unix-dev@xxxxxxxxxxx
https://lists.mindrot.org/mailman/listinfo/openssh-unix-dev
[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux